Privacy Groups Take Facebook Quarrel to the Feds

The Electronic Privacy Information Center, key privacy group, has filed a complaint with the Federal Trade Commission arguing that the privacy changes Facebook made a little more than a week ago were unfair and deceptive.

"We think this is the most important matter now before the FTC, and the reason is that Facebook has more than 100 million subscribers in the United States," Marc Rotenberg, EPIC's executive director, told the E-Commerce Times.

This is the latest development in a backlash against the social network that appears to be gaining momentum.

When Facebook implemented its
privacy overhaul, it probably expected to encounter some resistance. After all, it was taking the unprecedented step of requiring 350 million or so users worldwide to
review and update their privacy settings.

It seems safe to assume, however, that the reaction, in at least some quarters, has been more than it bargained for.

First, just a day after implementing its "transition tool," as it's called, user feedback prompted the social network to change the way it had originally handled the
visibility of Friends lists on the site.

Call for an Investigation

Far more user information has become publicly available as a result of the change, the group argues, as well as becoming more accessible to third-party developers.

EPIC urged the FTC to open an investigation into the changes, and to require that Facebook restore the privacy safeguards it had in place before the change pending its findings.

Among the groups supporting the complaint, according to EPIC, are the American Library Association, the Center for Digital Democracy, the Consumer Federation of America, FoolProof Financial Education, Patient Privacy Rights, Privacy Activism, the Privacy Rights Now Coalition, the Privacy Rights Clearinghouse and the U.S. Bill of Rights Foundation.

'Unfair and Misleading'

"Facebook chose to change everyone's privacy settings, and it's clear from users, bloggers, security experts and others that it really was unfair and misleading," EPIC's Rotenberg said. "What we found was that through this transition, Facebook had nudged the settings toward further disclosure."

Facebook had said that its transition process would preserve any current settings, "but they didn't show you what those were," Rotenberg noted. Furthermore, "the only option if you changed your current settings was to make information more widely available.

"We're not happy about where things are," he concluded. "Facebook can't ignore the 100 million U.S. consumers who are generally unhappy with these changes."

7 Data Elements Exposed

The biggest problem with the privacy overhaul "is that there are many people who open Facebook accounts that may not actively use them," Paul Stephens, director of policy advocacy with the
Privacy Rights Clearinghouse, told the E-Commerce Times.

"If that were the case, and they were not aware of the changes made to the privacy policy, there are seven data elements of their privacy data that were previously not available but that are now available to everyone," Stephens explained. "My understanding is that if you don't affirmatively go in and make that information private, it will presumably be available to anyone that enters the site."

It's not just Facebook that suffers from such problems, Stephens pointed out -- "Facebook is the focus of the complaint just because of their size," he said.

Still, while it's expected that "there will be bumps in the road" as privacy policies are honed, "this was a pretty big one," he concluded.

'We're Disappointed'

Facebook discussed its privacy program with "many regulators, including the FTC, prior to launch," and it expects to continue to work with them in the future, company spokesperson Andrew Noyes said in a prepared statement.

"We've had productive discussions with dozens of organizations around the world about the recent changes and we're disappointed that EPIC has chosen to share their concerns with the FTC while refusing to talk to us about them," Noyes said.

Facebook's plan to provide users control over their privacy and how they share content is "unprecedented in the Internet age," he added, and "we have gone to great lengths to inform users about our platform changes."

'I Don't Endorse the Complaint'

It should be noted that not all privacy groups stand behind EPIC's complaint.

"I think Facebook did some things right, and I think there are some things that could be better," Larry Magid, codirector of
ConnectSafely, told the E-Commerce Times. ConnectSafely is a member of the newly established
Facebook Safety Advisory Board.

No Place for Government?

It's "great" that Facebook provided granular control over privacy, "terrific" that users can block who can see individual postings, and "I think it's historic that they got 350 million people to think about privacy for three minutes," Magid said.

Nevertheless, "I see no reason why any information needs to be mandatorily controlled," he added. "I also wish minors by default didn't have their Friends list exposed."

Either way, while it's good that EPIC has raised the issue, "I'm not sure the government needs to be involved," he concluded.

'There Are Benefits to Sharing'

Indeed, "the important thing to recognize here is that the issue is not whether this is the perfect privacy policy or set of tools, but that this is an ongoing process of innovation," said Berin Szoka, senior fellow and director for the
Center for Internet Freedom at the Progress and Freedom Foundation.

Many privacy advocates would say that all data should be opt-in, "but that doesn't strike a balance with the fact that there are benefits to sharing," Szoka told the E-Commerce Times. "Unlike EPIC, I don't think sharing is a bad thing -- the trick is to do it in a way that empowers users with granular control over the things they really find sensitive."

'Like Deer in the Headlights'

Looking at the privacy issue from a higher level, "nobody can agree on what should be done," Szoka noted.

The solution offered by companies like Facebook, Google and Yahoo is to offer "privacy by design," he pointed out.

"If you jump on companies every time they announce a new privacy-by-design feature, you leave them like deer in the headlights," he warned. "They'll be terrified to move forward with anything."